CVE-2024-46761

Summary

In the Linux kernel, the following vulnerability has been resolved:

pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv

The hotplug driver for powerpc (pci/hotplug/pnv_php.c) causes a kernel crash when we try to hot-unplug/disable the PCIe switch/bridge from the PHB.

The crash occurs because although the MSI data structure has been released during disable/hot-unplug path and it has been assigned with NULL, still during unregistration the code was again trying to explicitly disable the MSI which causes the NULL pointer dereference and kernel crash.

The patch fixes the check during unregistration path to prevent invoking pci_disable_msi/msix() since its data structure is already freed.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux49f4b08e61547a5ccd2db551d994c4503efe5666 < 4eb4085c1346d19d4a05c55246eb93e74e671048affected
LinuxLinux49f4b08e61547a5ccd2db551d994c4503efe5666 < c4c681999d385e28f84808bbf3a85ea8e982da55affected
LinuxLinux49f4b08e61547a5ccd2db551d994c4503efe5666 < bc1faed19db95abf0933b104910a3fb01b138f59affected
LinuxLinux49f4b08e61547a5ccd2db551d994c4503efe5666 < c0d8094dc740cfacf3775bbc6a1c4720459e8de4affected
LinuxLinux49f4b08e61547a5ccd2db551d994c4503efe5666 < 438d522227374042b5c8798f8ce83bbe479dca4daffected
LinuxLinux49f4b08e61547a5ccd2db551d994c4503efe5666 < b82d4d5c736f4fd2ed224c35f554f50d1953d21eaffected
LinuxLinux49f4b08e61547a5ccd2db551d994c4503efe5666 < bfc44075b19740d372f989f21dd03168bfda0689affected
LinuxLinux49f4b08e61547a5ccd2db551d994c4503efe5666 < 335e35b748527f0c06ded9eebb65387f60647fdaaffected
LinuxLinux1fb738a3dc1304250c755e5e31715137c1c44c50affected
LinuxLinuxbc4c9766324a7e9fda48de58691796430c8511bfaffected
LinuxLinux4.9.14 < 4.10affected
LinuxLinux4.10.2 < 4.11affected
LinuxLinux4.11affected
LinuxLinux0 < 4.11unaffected
LinuxLinux4.19.322 <= 4.19.*unaffected
LinuxLinux5.4.284 <= 5.4.*unaffected
LinuxLinux5.10.226 <= 5.10.*unaffected
LinuxLinux5.15.167 <= 5.15.*unaffected
LinuxLinux6.1.110 <= 6.1.*unaffected
LinuxLinux6.6.51 <= 6.6.*unaffected
LinuxLinux6.10.10 <= 6.10.*unaffected
LinuxLinux6.11 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References